[Free] 2019(Nov) EnsurePass Cisco 400-101 Dumps with VCE and PDF 231-240

Get Full Version of the Exam

Question No.231

Which two options are BGP attributes that are updated when router sends an update to its eBGP peer? (Choose two.)

  1. weight

  2. local preference

  3. AS_path

  4. next-hop

Correct Answer: CD


AS_Path describes the inter-AS path taken to reach a destination. It gives a list of AS Numbers traversed when reaching to a destination. Every BGP speaker when advertising a route to a peer will include its own AS number in the NLRI. The subsequent BGP speakers who advertise this

route will add their own AS number to the AS_Path, the subsequent AS numbers get prepended to the list. The end result is the AS_Path attribute is able to describe all the autonomous systems it has traversed, beginning with the most recent AS and ending with the originating AS. NEXT_HOP Attribute specifies the next hop IP address to reach the destination advertised in the NLRI. NEXT_HOP is a well-known mandatory attribute that is included in every eBGP update.

Reference: http://netcerts.net/bgp-path-attributes-and-the-decision-process/

Question No.232

Which two are features of DMVPN? (Choose two.)

  1. It does not support spoke routers behind dynamic NAT.

  2. It requires IPsec encryption.

  3. It only supports remote peers with statically assigned addresses.

  4. It supports multicast traffic.

  5. It offers configuration reduction.

Correct Answer: DE


DMVPN Hub-and-spoke deployment model: In this traditional topology, remote sites (spokes) are aggregated into a headend VPN device at the corporate headquarters (hub). Traffic from any remote site to other remote sites would need to pass through the headend device. Cisco DMVPN supports dynamic routing, QoS, and IP Multicast while significantly reducing the configuration effort.

Reference: http://www.cisco.com/c/en/us/products/collateral/security/dynamic-multipoint-vpn- dmvpn/data_sheet_c78-468520.html

Question No.233

Which technology can be used to secure the core of an STP domain?

  1. UplinkFast

  2. BPDU guard

  3. BPDU filter

  4. root guard

Correct Answer: D


Since STP does not implement any authentication or encryption to protect the exchange of BPDUs, it is vulnerable to unauthorized participation and attacks. Cisco IOS offers the STP Root Guard feature to enforce the placement of the root bridge and secure the core of the STP domain. STP root guard forces a port to become a designated port so that no switch on the other end of the link can become a root switch. If a port configured for root guard receives a superior BPDU, the port it is received on is blocked. In this way, STP root guard blocks other devices from trying to become the root bridge.

STP root guard should be enabled on all ports that will never connect to a root bridge, for example, all end user ports. This ensures that a root bridge will never be negotiated on those ports.

Reference: http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Security/Baseline_Security/securebase book/sec_chap7.html

Question No.234

Which two statements about packet fragmentation on an IPv6 network are true? (Choose two.)

  1. The fragment header is 64 bits long.

  2. The identification field is 32 bits long.

  3. The fragment header is 32 bits long.

  4. The identification field is 64 bits long.

  5. The MTU must be a minimum of 1280 bytes.

  6. The fragment header is 48 bits long.

Correct Answer: AB


The fragment header is shown below, being 64 bits total with a 32 bit identification field:


Reference: http://www.openwall.com/presentations/IPv6/img24.html

Question No.235

Refer to the exhibit. Which three statements about this configuration are true? (Choose three.)


  1. The default route appears in the global routing table.

  2. The static route appears in the VRF red routing table.

  3. The subnet is unique to the VRF red routing table.

  4. The static route is added to the global routing table and leaked from the VRF red.

  5. The subnet is unique to the global routing table.

  6. is reachable using any of the addresses on the router where the static route is


Correct Answer: ABE


This is an example of the route leaking feature. Here, this static route is created for the red VRF so it will be installed into the red VRF routing table, but the use of the global keyword will cause this default route to appear in the global routing table.

Question No.236

Packets from a router with policy-based routing configured are failing to reach the next hop. Which two additions can you make to the router configuration to enable the packets to flow correctly? (Choose two.)

  1. Enable ip proxy-arp on the exiting interface.

  2. Specify the next hop as an address.

  3. Specify the next hop as an interface.

  4. Add a match-any permit statement to the route map.

Correct Answer: AB


Here is an example:

Router(config)#route-map Engineers permit 20 Router(config-route-map)#match ip address 2 Router(config-route-map)#set interface Ethernet1

Here, instead of specifying a next-hop, it specifies that any packets matching this rule will be forwarded directly out the interface Ethernet1. This means that either the destination device must be on this segment, or there must be a router configured with Proxy ARP that can forward the packet to the ultimate destination.

Question No.237

Which two statements are true about unicast RPF? (Choose two.)

  1. Unicast RPF requires CEF to be enabled.

  2. Unicast RPF strict mode works better with multihomed networks.

  3. Unicast RPF strict mode supports symmetric paths.

  4. Unicast RPF strict mode supports asymmetric paths.

  5. CEF is optional with Unicast RPF, but when CEF is enabled it provides better performance.

Correct Answer: AC


Unicast RPF requires Cisco express forwarding (CEF) to function properly on the router. Strict Versus Loose Checking Mode

The Unicast RPF in Strict Mode feature filters ingress IPv4 traffic in strict checking mode and forwards packets only if the following conditions are satisfied.

An IPv4 packet must be received at an interface with the best return path (route) to the packet source (a process called symmetric routing). There must be a route in the Forwarding Information Base (FIB) that matches the route to the receiving interface. Adding a route in the FIB can be done via static route, network statement, or dynamic routing.

IPv4 source addresses at the receiving interface must match the routing entry for the interface.

References: http://www.cisco.com/c/en/us/td/docs/ios/12_2/security/configuration/guide/fsecur_c/scfrpf.html


Question No.238

Which IP SLA operation type is enhanced by the use of the IP SLAs Responder?

  1. DNS

  2. HTTP

  3. ICMP Echo

  4. UDP Echo

Correct Answer: D



Response time (round-trip time) is computed by measuring the time taken between sending a UDP echo request message from Device B to the destination deviceDevice Aand receiving a UDP echo reply from Device A. UDP echo accuracy is enhanced by using the IP SLAs Responder at Device A, the destination Cisco device. If the destination device is a Cisco device, then IP SLAs sends a UDP datagram to any port number that you specified. Using the IP SLAs Responder is optional for a UDP echo operation when using Cisco devices. The IP SLAs Responder cannot be configured on non-Cisco devices.

Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipsla/configuration/15-mt/sla-15-mt- book/sla_udp_echo.html

Question No.239

When EIGRP is used as the IPv4 PE-CE protocol, which two requirements must be configured before the BGP IPv4 address family can be configured? (Choose two.)

  1. the route distinguisher

  2. the virtual routing and forwarding instance

  3. the loopback interface

  4. the router ID

Correct Answer: AB


A VRF must be created, and a route distinguisher and route target must be configured in order for the PE routers in the BGP network to carry EIGRP routes to the EIGRP CE site. The VRF must also be associated with an interface in order for the PE router to send routing updates to the CE router.


Before this feature can be configured, MPLS and CEF must be configured in the BGP network, and multiprotocol BGP and EIGRP must be configured on all PE routers that provide VPN services to CE routers.

Reference: http://www.cisco.com/c/en/us/td/docs/ios/12_0s/feature/guide/seipecec.html#wp1083316

Question No.240

Refer to the exhibit. Which two statements about this configuration are true? (Choose two.)


  1. Spoke devices will be dynamically added to the NHRP mappings.

  2. The next-hop server address must be configured to on all spokes.

  3. The next-hop server address must be configured to on all spokes.

  4. R1 will create a static mapping for each spoke.

Correct Answer: AC


NHRP is a client/server model protocol which is defined by RFC2332. The hub is considered to be the Next Hop Server (NHS) and the spokes are considered to be the Next Hop Client (NHC). The hub must be configured as the next-hop server.

NHRP provides a mapping between the inside and outside address of a tunnel endpoint. These mappings can be static or dynamic. In a dynamic scenario, a next-hop server (NHS) is used to maintain a list of possible tunnel endpoints. Each endpoint using the NHS registers its own public and private mapping with the NHS. The local mapping of the NHS must always be static. It is important to note that the branch points to the inside or protected address of the NHS server. This scenario is an example of dynamic mappings.

Reference: http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/WAN_and_MAN/DMVPDG/DMVPN_2

_ Phase2.html

Get Full Version of the Exam
400-101 Dumps
400-101 VCE and PDF